CyberSecurity: please don't throw government money at this nonsense

The best thing - the absolute best thing - about being an unaffiliated security blogger on CWUK is that you're guaranteed daily to have something new to discuss, and you're free to say exactly what you think. Consider this article from The...

Share

The best thing - the absolute best thing - about being an unaffiliated security blogger on CWUK is that you're guaranteed daily to have something new to discuss, and you're free to say exactly what you think. Consider this article from The Register:

Cameron to spend £1bn+ on cyber security

David Cameron will next week allocate more than a billion pounds to a cross-government effort to bolster Britain's cyber security, Whitehall sources have told The Register. The funding will be announced by the Prime Minister as part of the Strategic Defence and Security Review.

I cannot conceive how any amount of centrally directed funding will help network security in the slightest.

The problem is partly one of perspective: the political leadership's vision of CyberSecurity is a CyberSpace where the CyberArmies roll-out CyberWeapons like CyberTanks - and defences like Fire CyberWalls - to fend off the CyberHordes of CyberInvaders in a vector-graphic world like Tron.

It doesn't work that way. Network security research and defence is a lot closer to medical research - moderately open, distributed, disparate, potentially usable for military means... but you have to take care before releasing toxins or weaponised viruses lest the wind changes direction.

Cyberspace is not a battlefield. We are cyberspace - a huge, heaving neo-organic body, a unsapient digital counterpart to Gaia but for which we are the skin. The internal organs are our phones, netbooks, desktops, servers, routers, cloud services and providers, and this body grows by allografting everything that it touches. This body is infested with parasites, worms and bugs - some of which are "friendly bacteria" - but we ourselves are often vectors of disesase, clicking, forwarding and executing stupidities that are propagated to other parts of the body. You cannot halt this because the disease's circulation is tightly integrated with how the body functions.

What will happen with government funding? Do you remember Swine Flu?

Much money, much noise, much demand generation and in the end a load of product sitting on the shelves because circumstances passed it by, and the chosen solution was probably inappropriate in the first place. Hybridise that outcome with the success of any other Government IT project you care to mention.

My guesses include: someone trying to float a British CISSP-like certification, talk of mandatory training and possibly licensing of security professionals, and the UK's opening salvo for CryptoWars2.0. There will be a big operations room, and someone saying "If I hit this button, I can shut down the British Internet and we'll be safe" - and some tabloid will publish a picture of a great big Firewall, starting at Dover and following the coastline around Britain.

Surely this is a sop to the MoD - giving them something new to focus on and talk about whilst money is pruned from elsewhere? But if the US CyberCommand is stuck wondering why it exists and what it is really meant to do, not to mention how and where to do it, what hope will the boys in the Doughnut have?

Promoted